Re: Accepted squirrelmail 2:1.4.23~svn20120406-2+deb7u2 (source all) into oldoldstable

To: debian-lts@lists.debian.org
Subject: Re: Accepted squirrelmail 2:1.4.23~svn20120406-2+deb7u2 (source all) into oldoldstable
From: Antoine Beaupré <anarcat@orangeseeds.org>
Date: Wed, 11 Apr 2018 16:12:58 -0400
Message-id: <[🔎] 87po3533jp.fsf@curie.anarc.at>
In-reply-to: <E1f6KPK-0001II-9D@seger.debian.org>
References: <E1f6KPK-0001II-9D@seger.debian.org>

Did you forget to issue a DLA for this one? I see the package is not
claimed in dla-needed.txt either...

a.

On 2018-04-11 18:23:46, Thijs Kinkhorst wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Format: 1.8
> Date: Wed, 11 Apr 2018 13:24:23 +0200
> Source: squirrelmail
> Binary: squirrelmail
> Architecture: source all
> Version: 2:1.4.23~svn20120406-2+deb7u2
> Distribution: wheezy-security
> Urgency: high
> Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
> Changed-By: Thijs Kinkhorst <thijs@debian.org>
> Description: 
>  squirrelmail - Webmail for nuts
> Closes: 893202
> Changes: 
>  squirrelmail (2:1.4.23~svn20120406-2+deb7u2) wheezy-security; urgency=high
>  .
>    * Path traversal vulnerability (CVE-2018-8741)
>      Directory traversal flaw in Deliver.class.php can allow a remote
>      attacker to retrieve or delete arbitrary files. (Closes: #893202)
> Checksums-Sha1: 
>  f922ec47972a3a6281374af9f2f2c007ac1b815b 1673 squirrelmail_1.4.23~svn20120406-2+deb7u2.dsc
>  2b406c312e8650c092c6fdb3aaa770da3fe44e7b 40065 squirrelmail_1.4.23~svn20120406-2+deb7u2.debian.tar.gz
>  4255b987b44dd1088fd1a0d444d928aaae2415be 644190 squirrelmail_1.4.23~svn20120406-2+deb7u2_all.deb
> Checksums-Sha256: 
>  8400ba54f905e8e6d58682362a4948865b68436d2c6e362d0709981ccf4752a6 1673 squirrelmail_1.4.23~svn20120406-2+deb7u2.dsc
>  8d6983edbbc566654e74d541c7d99e028ea9abab18babada166c0e2a026e18f8 40065 squirrelmail_1.4.23~svn20120406-2+deb7u2.debian.tar.gz
>  c68ade218517d455b2d6a5df9521de39fe646268eda09749fedcab93547326f4 644190 squirrelmail_1.4.23~svn20120406-2+deb7u2_all.deb
> Files: 
>  e1154fe67bb006221eab16ae82ac201b 1673 web optional squirrelmail_1.4.23~svn20120406-2+deb7u2.dsc
>  d39330150cebf157e28e24a6bb6ea4ab 40065 web optional squirrelmail_1.4.23~svn20120406-2+deb7u2.debian.tar.gz
>  7000baeefe4ac237ff1d7772eade3295 644190 web optional squirrelmail_1.4.23~svn20120406-2+deb7u2_all.deb
>
> -----BEGIN PGP SIGNATURE-----
>
> iQEuBAEBCAAYBQJazfEAERx0aGlqc0BkZWJpYW4ub3JnAAoJEFb2GnlAHawE5r8I
> AIG3VU7P6/hhy4V/RFfAM1XABOjdJiU2M+oUni81iYtN8fGcbo1csFdunfPIC5s7
> dxa8Er1KHskLxovIuEQAe1GT+C4ubHwq7K9pcnanOuw73Ob3FFrwrh77ARTT2SZx
> oTPAwgknJrVFJLad/TVqEecuBIMmKgA5x3PBjobQYnzdll73nu1I3j1fhC6CyQCY
> vz52/SicwucAhwJMrfuBFfwNm65CdtrQ0EKZuwwx8ptV/KHMDmrULOBH9qdQfQE4
> j4LDYiDYU5CcXs3EMiC933okzhRi09K2uy7TpZKaKvsrgXUX6bJXiWlY5UBA2eix
> IFzxH89V6UkTlkihLoWIwng=
> =lfnt
> -----END PGP SIGNATURE-----

-- 
You can't conquer a free man; the most you can do is kill him.
                       -  Robert A. Heinlein

Reply to:

Follow-Ups:
- Re: Accepted squirrelmail 2:1.4.23~svn20120406-2+deb7u2 (source all) into oldoldstable
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

Prev by Date: Re: finding packages after no-dsa
Next by Date: Re: libgcrypt11 same issue? Was: Re: [SECURITY] [DLA 1283-1] python-crypto security update
Previous by thread: Re: finding packages after no-dsa
Next by thread: Re: Accepted squirrelmail 2:1.4.23~svn20120406-2+deb7u2 (source all) into oldoldstable
Index(es):
- Date
- Thread